Protecting Serverless Workloads from DDoS and API Based Threats: a Multi-Layered Security Approach

EasyChair Preprint 15875
6 pages • Date: February 28, 2025

Abstract

Serverless computing offers cost-efficient, scalable, and event-driven architectures that eliminate the need for infrastructure management. However, the stateless and ephemeral nature of serverless workloads makes them highly susceptible to Distributed Denial-of-Service (DDoS) attacks and API-based threats. Attackers exploit unprotected APIs, misconfigured access controls, and excessive function invocations to degrade performance, increase costs, and compromise sensitive data. Traditional security measures, such as network-based firewalls and intrusion detection systems (IDS), are ineffective in mitigating these risks due to the cloud-native, decentralized nature of serverless functions. This paper presents a multi-layered security approach that combines rate limiting, API authentication, Web Application Firewalls (WAF), and AI-driven anomaly detection to protect serverless applications from evolving threats. We explore DDoS mitigation strategies, secure API management, and cloud-native security best practices, ensuring resilient and cost-effective serverless deployments.

Keyphrases: API Security, Cloud Security, DDoS mitigation, Serverless security, Threat Detection, Web Application Firewall, Zero Trust